Attached are 87 potential buffer overruns in 2.5.53. Most arise fromimproper bounds checks, and some might be security holes where the arrayindex comes from an untrusted source (e.g. copy_from_user). In the bugreport, "len" refers to the length of the array or buffer beingaccessed, and "off" refers to the offset/index that is being used toaccess it. (off >= len) corresponds to a buffer overrun, while (off < 0)signals an underrun.